[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 203
  • Last Modified:

Problem setting up directory authentication - forbidden error

I'm new to Apache. I set up my .htaccess file as follows

Order Deny,Allow
Deny from All
AuthType Basic
AuthName "Log in"
AuthUserFile /.htpasswd
Require user root

and create an .htpasswd file, temporarily also in the root dir, thus

root:[has of password]

but Apache reports Forbidden, rather than the log in prompt? What am I doing wrong?

THANKS!
0
metalaureate
Asked:
metalaureate
  • 4
  • 2
1 Solution
 
Steve BinkCommented:
You are setting "Deny from All", which forbids access to all connections.  This setting determines access, and will supersede authorization - why authorize if you cannot access the content?  

If you just want authorization to control access, remove the "Deny from All".   If you want to accept connections only from specific IPs/hosts (in addition to requiring user/pass authorization from those connections), then use "Order Allow,Deny", and add Allow directives matching the IPs or hosts you want to allow.
0
 
metalaureateAuthor Commented:
Ok, that creates Internal Server Error.

I now have:

Order Deny,Allow
AuthType Basic
AuthName "Log in"
AuthUserFile /.htpasswd
Require user root

Any help much appreciated!
0
 
Steve BinkCommented:
The path you are using for AuthUserFile is an absolute path, so you will have to specify the entire path.  The .htpasswd file should most definitely not be in your root (/) directory.  If you make it a relative path (remove the beginning '/'), I believe it is relative to the current directory.

What kind of resources are you trying to serve?
0
Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

 
metalaureateAuthor Commented:
Just my dev site.
0
 
metalaureateAuthor Commented:
So now I get the login, (thank!), but I can't seem to get the password to be recognized.

What should be using to get the hash of the password?
0
 
metalaureateAuthor Commented:
I figured that last bit out, thanks!
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now